19 matches found

Vulnrichment
added 2026/05/19 12:0 a.m., 8 views

CVE-2026-37281

An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter...

AI score 6.1 | EPSS 0.01622
Exploits: 0 | References: 3

Cvelist
added 2026/04/10 7:39 p.m., 19 views

CVE-2026-40184 Unauthenticated Access to Uploaded Files in TREK

TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded photos without requiring authentication. This vulnerability is fixed in 2.7.2...

CVSS 3.7 | EPSS 0.00235
Exploits: 0 | References: 3

OSV
added 2026/03/24 4:17 a.m., 5 views

UBUNTU-CVE-2026-4739

Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK (Modules/ThirdParty/Expat/src/expat modules). This issue affects ITK: before 2.7.1...

CVSS 9.4 | AI score 5.8 | EPSS 0.00276
Exploits: 0 | References: 3

CVE
added 2026/02/02 6:0 a.m., 7 views

CVE-2026-0658

The CVE affects the Five Star Restaurant Reservations WordPress plugin (before 2.7.9). Root cause: missing CSRF protections in some bulk actions, enabling a logged-in admin to perform unintended actions (e.g., deleting bookings) via CSRF. Impact described as potential unauthorized admin actions; ...

CVSS 4.3 | AI score 5.9 | EPSS 0.00133
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/14 9:18 p.m., 5 views

CVE-2026-22871

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, a path traversal vulnerability exists in GuardDog's safeextract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite...

CVSS 9.8 | AI score 7.5 | EPSS 0.00946
Exploits: 0 | References: 1

Cvelist
added 2026/01/13 11:11 p.m., 25 views

CVE-2026-22686 Sandbox Escape via Host Error Prototype Chain in enclave-vm

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. When a tool invocation fails,...

CVSS 10 | EPSS 0.00588
Exploits: 3 | References: 2

RedhatCVE
added 2026/01/09 12:36 p.m., 3 views

CVE-2023-49208

scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration...

CVSS 9.8 | AI score 7.4 | EPSS 0.00882
Exploits: 0 | References: 1

RedhatCVE
added 2025/11/11 5:42 a.m., 12 views

CVE-2025-12613

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing...

CVSS 8.8 | AI score 6.8 | EPSS 0.00319
Exploits: 0 | References: 1

EUVD
added 2025/11/10 8:35 p.m., 3 views

EUVD-2025-50780

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a field with an error contains malicious content. Versions 2.7.13 and 3.2.2 protect rendered HTML content...

CVSS 8.8 | AI score 5.6 | EPSS 0.0019
Exploits: 0 | References: 1

OSV
added 2025/09/25 3:16 p.m., 2 views

CVE-2025-46149

In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error...

CVSS 5.3 | AI score 7
Exploits: 0 | References: 3

OSV
added 2025/09/17 5:3 p.m., 2 views

GO-2025-3954 Chaos Controller Manager is vulnerable to OS command injection in github.com/chaos-mesh/chaos-mesh

Chaos Controller Manager is vulnerable to OS command injection in github.com/chaos-mesh/chaos-mesh. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

CVSS 9.8 | AI score 7.6 | EPSS 0.02814
Exploits: 1 | References: 5

PyPA
added 2023/08/23 4:15 p.m., 5 views

PYSEC-2023-152

Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...

CVSS 8.1 | AI score 6.5 | EPSS 0.01488
Exploits: 0 | References: 5 | Affected Software: 1

CNNVD
added 2023/06/01 12:0 a.m., 3 views

Rancher Labs Rancher Cross-Site Scripting Vulnerability

Rancher Labs Rancher is a suite of open source, enterprise-grade container management platforms from Rancher Labs, Inc. in the United States. Rancher Labs Rancher versions prior to 2.6.0 through 2.6.13 and 2.7.0 through 2.7.4. A cross-site scripting vulnerability exists that stems from the presen...

CVSS 8.4 | AI score 7.5 | EPSS 0.00714
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 5:41 a.m., 4 views

SUSE CVE-2013-1399

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...

CVSS 6.8 | AI score 7.3 | EPSS 0.00602
Exploits: 0 | References: 3

Positive Technologies
added 2021/11/05 12:0 a.m., 1 views

PT-2021-23169 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0; TensorFlow versions 2.6.0 through 2.6.0; TensorFlow versions 2.5.0 through 2.5.1; TensorFlow versions 2.4.0 through 2.4.3. Description: TensorFlow allows tensors to have a large number of dimensions and each...

CVSS 6.8 | AI score 5.3 | EPSS 0.00307
Exploits: 1 | References: 18

CNNVD
added 2021/09/07 12:0 a.m., 2 views

Github ulfius Input Validation Error Vulnerability

Github ulfius is the HTTP framework for REST applications in C. An input validation error vulnerability exists in ulfius, which stems from the coninfo initialization of ulfiusurilogger and coninfo-request in the product failing to adequately check HTTP requests. The following products and version...

CVSS 9.8 | AI score 8.2 | EPSS 0.02544
Exploits: 3 | References: 6

OSV
added 2021/06/01 12:0 p.m., 0 views

UBUNTU-CVE-2021-28091

Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature...

CVSS 8.8 | AI score 7.1 | EPSS 0.01325
Exploits: 0 | References: 7

CNVD
added 2019/03/29 12:0 a.m., 3 views

Nagios IM Arbitrary Code Execution Vulnerability

Nagios Incident Manager (IM) is a network time manager from the US-based Nagios. The product is primarily used to manage and track network event history. A security vulnerability exists in Nagios IM versions prior to 2.2.7. An attacker can exploit the vulnerability to execute arbitrary code...

CVSS 8.8 | AI score 7.4 | EPSS 0.24176
Exploits: 3 | References: 1

OSV
added 2017/08/25 6:29 p.m., 2 views

DEBIAN-CVE-2015-1395

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name...

CVSS 7.5 | AI score 7.3 | EPSS 0.11199
Exploits: 0 | References: 1